IIA Standards and Governance - ACUIA.org Jack Greenberg - IIA... · 1 1 ©2012 CliftonLarsonAllen...
Transcript of IIA Standards and Governance - ACUIA.org Jack Greenberg - IIA... · 1 1 ©2012 CliftonLarsonAllen...
©2012 CliftonLarsonAllen LLP 1 1 1 1
©20
12 C
lifto
nLa
rso
nA
llen
LLP
IIA Standards
and Governance
Jack Greenberg
Director, Business Risk Services
CliftonLarsonAllen LLP
September 28, 2012
©2012 CliftonLarsonAllen LLP 2
Objectives
The objectives of today’s session are to share: Standards
• The initial findings from the IIA’s 2010 Common Body of Knowledge Survey
• Expand your understanding of the profession’s current state
• How practitioners and stakeholders view the future of the profession
• How internal auditing functions can address the gaps
©2012 CliftonLarsonAllen LLP 3
Objectives
Governance
• The Definition of governance
• The IIA’s governance model
• Who the participants and players are in effective governance
• Internal Audit governance activities
©2012 CliftonLarsonAllen LLP 4
STANDARDS
©2012 CliftonLarsonAllen LLP 5
Five Reports Cover the Global Survey Results:
1. Characteristics of an Internal Audit Activity
2. Core Competencies for Today’s Internal Auditor
3. Measuring Internal Audit’s Value
4. What’s Next for Internal Auditing
5. Imperatives for Change: The IIA’s Global Internal Audit Survey in Action
Reports are available free to IIA members on The IIA website
©2012 CliftonLarsonAllen LLP 6
©2012 CliftonLarsonAllen LLP 7
10 Imperatives for Change
Group I: Emphasize Risk Management & Governance
1. Sharpen Focus on Risk Management & Governance
2. Conduct a More Responsive & Flexible Risk-Based Audit Plan
Group II: Address Key Stakeholder Priorities
3. Develop a Strategic Vision for Internal Auditing
4. Focus, Monitor & Report on Internal Auditing’s Value
5. Strengthen Audit Committee Communications & Relationships
6. View Standards Compliance as Mandatory, Not Optional
Group III: Optimize Internal Audit Resources
7. Acquire & Develop Top Talent
8. Enhance Training for Internal Audit Activities
9. Take Advantage of Expanding Service Provider Membership
Group IV: Leverage Technology Effectively
10. Step up Your Use of Audit Technology & Tools
Appendix
Discussion Topics for Audit Committees
©2012 CliftonLarsonAllen LLP 8
1. Sharpen Focus on Risk Management & Governance
2. Conduct a More Responsive & Flexible Risk-Based Audit Plan
Group I Focus: Emphasize Risk Management & Governance
©2012 CliftonLarsonAllen LLP 9
Imperative 1: Sharpen Focus on Risk Management & Governance
Key Results of 2010 Global Internal Audit Survey
• 80% of respondents foresee an increase in risk management
activities
• Projected areas of increased focus over next five years:
– Corporate governance
– Enterprise risk management
– Strategy and company performance
– Ethics
©2012 CliftonLarsonAllen LLP 10
Imperative 1: Sharpen Focus on Risk Management & Governance
Survey Insights & Implications • Shifting emphasis will require new skills and expertise • Might need to shift staff time from more traditional audit activities
– Pursue synergies between governance and control activities to mitigate potential downsides of reduced efforts on traditional areas of audit focus
– Increased use of technology could enhance efficiency and effectiveness of more traditional areas of audit testing
• I/A challenge: Educate the staff on the need to place a higher priority on risk management and governance
©2012 CliftonLarsonAllen LLP 11
Key Action Steps
• Assess the maturity of your organization’s risk management and governance process
• Develop an appropriate strategic role for internal auditing – Tailor this strategic role to your organization – Take an incremental, step-by-step approach – Consider both assurance and consulting roles for internal audit,
taking into account the current and desired state of maturity for the activity
– Utilize relevant IIA publications such as: ◊ The Role of Internal Auditing in Enterprise-wide Risk Management (IIA position paper) ◊ 10 Risk Management Imperatives for Internal Auditing, a white paper
published by The IIA’s Audit Executive Center
– Review the IIA Standards pertaining to risk management and governance
©2012 CliftonLarsonAllen LLP 12
Key Action Steps
• Educate the audit/supervisory committee on relevant topics: – Risk management in general and the current state of risk
management and governance within the organization – Achieving an appropriate balance between the testing of internal
controls and the need to expand your focus on governance and risk management
– The longer-term strategy for the internal audit activity and the need to increase internal auditing’s focus on risk management and governance
• Ensure that the internal audit charter reflects the role and responsibilities of internal auditing
• Consider staffing and budgetary needs
©2012 CliftonLarsonAllen LLP 13
Imperative 2: Conduct a More Responsive & Flexible Risk-Based Audit Plan
Key Results of 2010 Global Internal Audit Survey
• 72.3% conduct an internal audit risk assessment as part of their
audit planning activity • 21.9% used a risk-based methodology to establish their audit plan • More than 60% only update their audit plans once a year
©2012 CliftonLarsonAllen LLP 14
Imperative 2: Conduct a More Responsive & Flexible Risk-Based Audit Plan
Survey Insights & Implications • The idea that an internal audit activity can update its audit plan
only once a year and still remain timely, responsive, and effective needs to be challenged strongly.
• Given the speed with which major risk events can materialize, – consider updating their risk assessments and audit plans on a more
frequent basis; to this point, – quarterly updates are becoming more prevalent among leading
internal audit activities.
• To develop a more responsive, risk-based audit plan, you will likely need to shift audit resources from activities focusing on lower-risk areas.
©2012 CliftonLarsonAllen LLP 15
Key Action Steps
• Assess the maturity of your risk assessment process – Develop plans to extend its application across the enterprise
• Assess your process for making periodic updates and revisions to your annual audit plan: – Develop steps to enable internal auditing to move faster and
make more frequent changes to the audit plan as the organization’s risks change
• Talk to your key stakeholders (executive management and the audit/supervisory committee) about the need to make more frequent updates to the audit plan
• Develop or refine your audit reporting to achieve a more direct link between changes to the organization’s risk profile and related changes to the audit plan
©2012 CliftonLarsonAllen LLP 16
3. Develop a Strategic Vision for Internal Auditing
4. Focus, Monitor & Report on Internal Auditing’s Value
5. Strengthen Audit Committee Communications & Relationships
6. View Standards Compliance as Mandatory, Not Optional
Group II Focus Address Key Stakeholder Priorities
©2012 CliftonLarsonAllen LLP 17
Imperative 3: Develop a Strategic Vision for Internal Auditing
Key Results of 2010 Global Internal Audit Survey • 57% of respondents have a mission statement • 51% indicate that they have an internal audit strategy
Survey Insights & Implications A well-conducted strategic planning exercise will allow the I/A Department to develop his or her mission for internal auditing and develop strategies and tactics to support that mission.
©2012 CliftonLarsonAllen LLP 18
Key Action Steps
• Review internal auditing’s mission, goals and stakeholder expectations
• Develop a vision for internal auditing covering a two-to-four-year time frame
• Conduct a gap analysis to compare your current capabilities and processes with those needed to achieve your vision
• Develop strategies and tactics to address perceived gap
©2012 CliftonLarsonAllen LLP 19
Key Action Steps
• Share this strategic plan with your key stakeholders, address their concerns, and get their buy-in and validation
• Seek appropriate funding and resources to pursue agreed-upon objectives
• Develop appropriate measures to monitor plan achievement, including periodic reporting
• Develop a communications plan to educate staff and management on future strategies and expected benefits
©2012 CliftonLarsonAllen LLP 20
Internal Audit Strategy Gap Analysis
Core Internal Audit Processes
Current State Future Vision Key Actions Timeframe to
Implement
Mission Statement
Human Resources
Risk Assessment
Audit Plan & Scope
Working Practices
Reporting
Technology
Performance Monitoring
IIA Standards Compliance
©2012 CliftonLarsonAllen LLP 21
Imperative 4: Focus, Monitor & Report on Internal Audit’s Value
Key Results of 2010 Global Internal Audit Survey • Most respondents believe their internal audit activities add value:
– Strong value in the area of controls – 70% agree: compliance with IIA Standards is a key value-adding factor
• Respondents less confident in their ability to add significant value in the key areas of risk management and governance
• Most common method used to measure value: % of program completion
– Stakeholder and client surveys only used by 20% of respondents
• Balanced scorecard approach to measurement is expected to gain importance over the next five years
©2012 CliftonLarsonAllen LLP 22
Imperative 4: Focus, Monitor & Report on Internal Audit’s Value
Survey Insights & Implications
The value of an internal audit activity is directly related to its perceived contributions to the organization – Such contributions are a proxy for value provided
– Not all perceptions have equal value; those of top
management and the audit/supervisory committee matter most
©2012 CliftonLarsonAllen LLP 23
Key Action Steps
• Determine key stakeholders (executive management and the audit/supervisory committee) perceptions of internal auditing and define the value they expect the activity to provide – Analyze their perceptions and develop approaches for internal auditing
to address perceived weaknesses
– Develop specific statements describing how internal auditing either currently delivers or will deliver expected value
– Revalidate these value statements with your key stakeholders
©2012 CliftonLarsonAllen LLP 24
Key Action Steps
• Develop specific performance measures to facilitate monitoring and measurement of internal audit activities designed to meet stakeholder-driven value expectations
– Consider the use of a tailored balanced scorecard
– Key Caveat: Do not base performance measures solely on
tactical activities performed by internal auditing
©2012 CliftonLarsonAllen LLP 25
Imperative 5: Strengthen Audit Committee Communications & Relationships
Key Results of 2010 Global Internal Audit Survey
• 85.3% rated communication skills “very important,” the highest ranking possible
• When asked to rank the importance of key behavioral skills, 85.2% of survey respondents gave communication a “very important” rating
• 67.1% of respondents ranked the ability to promote the value of internal auditing as “very important”
©2012 CliftonLarsonAllen LLP 26
Key Results of 2010 Global Internal Audit Survey; Audit/Supervisory Committee Interactions
• 74% of the 2010 respondents either meet or talk with the audit/supervisory committee or the chair outside of regularly scheduled meetings
• Areas of concern: – 25.9% of respondents indicated that they do not interact
with the audit/supervisory committee chair outside of regularly scheduled committee meeting
– 40.4% do not have private executive sessions with the audit/supervisory committee
Imperative 5: Strengthen Audit Committee Communications & Relationships
©2012 CliftonLarsonAllen LLP 27
Key Action Steps
• Critically assess the quality, frequency and content of your interactions with the audit/supervisory committee chair
• Meet with the committee chair to determine audit/supervisory committee expectations of the internal audit activity with a particular focus on: – The “value” members of the committee expect internal auditing to
deliver to senior management and the committee
– Interactions between I/A and the audit committee chair
©2012 CliftonLarsonAllen LLP 28
Key Action Steps
• Develop an annual training program for audit/supervisory committee members: – Discuss with the committee chair possible topics where I/A can
assist the committee with educational or advisory activities
– Identify external training opportunities where I/A can participate with the committee members or chair
• Have frank and candid discussions with executive management and the audit/supervisory committee on the adequacy of funding and support for the internal audit activity
©2012 CliftonLarsonAllen LLP 29
Imperative 6: View Standards’ Compliance as Mandatory, Not Optional
Key Results of 2010 Global Internal Audit Survey; Audit/Supervisory Committee Interactions • More than 70% of respondents either “agree” or “strongly agree” that
compliance with the International Standards for the Professional Practice of Internal Auditing is a key factor in the ability of an internal audit activity to add value to the governance process
• However, only 46.3% of respondents reported that their organizations
were in full compliance with the Standards in 2010 – a figure that is down significantly from the 59.9% reporting full
compliance in 2006
• AS 1300 – which focuses on Quality Assurance and Improvement – was the Standard with the lowest level of compliance in 2010
©2012 CliftonLarsonAllen LLP 30
Imperative 6: View Standards’ Compliance as Mandatory, Not Optional
Survey Insights & Implications • Full compliance with the Standards helps enhance the standing of both
the internal audit profession and individual internal audit activities
• Anything short of full compliance with the Standards erodes the ability of internal auditors to gain the full respect and support of their key stakeholders and to be viewed as true professionals by these stakeholders
An organization would not accept failure on the part of its external auditor to comply with their professional standards; likewise, compliance with internal audit
standards deserves the same high level of respect
©2012 CliftonLarsonAllen LLP 31
Key Action Steps
• Critically assess your strategies and performance relative to the Standards and Code of Ethics – Develop an action plan to become fully compliant with the Standards
and the Code of Ethics
• Ensure that the internal audit charter, policies and practices reflect the mandatory nature of the Standards
• Conduct an in-depth briefing with the audit/supervisory committee and executive management to educate your key stakeholders on the Standards – Your degree of Standards’ compliance
– How the Standards relate to your quality and compliance efforts
©2012 CliftonLarsonAllen LLP 32
Key Action Steps
• Conduct training on the Standards with members of the internal audit activity – Ensure that staff members understand the Standards and the Code of
Ethics from both a technical and professional perspective
– Establish appropriate targets for the internal audit activity with regard to professional certifications
• Provide the audit/supervisory committee with reports on internal audit’s
continuous improvement program and quality targets
©2012 CliftonLarsonAllen LLP 33
7. Acquire & Develop Top Talent
8. Enhance Training for Internal Audit Activities
9. Take Advantage of Expanding Service Provider Membership
Group III Optimize Internal Audit Resources
©2012 CliftonLarsonAllen LLP 34
Imperative 7: Acquire & Develop Top Talent
Key Results of 2010 Global Internal Audit Survey • Roughly half of the organizations responding expect to recruit more
staff during the next five years
• According to survey results, two types of skills are in greatest demand: – Understanding the business
– Risk analysis and control assessment techniques
©2012 CliftonLarsonAllen LLP 35
Imperative 7: Acquire & Develop Top Talent
Survey Insights & Implications • Key challenges for internal audit activities today:
– Increase business knowledge (general and specific) among staff members
– Keep up to date with industry and regulatory changes
– Anticipate new activities that will require different or expanded skill sets
◊ Risk analysis and governance ◊ Risk and control assessments ◊ Data collection and analysis
Competition for these skill sets will be intense.
©2012 CliftonLarsonAllen LLP 36
Key Action Steps
• Consider the broad talent needs of the organization and how internal auditing fits into the organization’s overall Human Resources (HR) strategy – Especially as a grooming ground for talent
• Develop a succession plan for internal audit management that identifies backup candidates for key positions
• Conduct an internal audit skills inventory – identify current strengths and weaknesses
– project the levels and types of talent needed within 2 - 4 years
©2012 CliftonLarsonAllen LLP 37
Key Action Steps
• Develop specific plans to either acquire staff with strong business knowledge or train existing staff to achieve desired knowledge levels
• Consider establishing a formal rotation program within your organization to capitalize on business-unit talent and expertise
• Identify needed skill sets that would be unrealistic to house within internal auditing
– Develop plans to borrow staff from other departments within the organization or source from third parties
©2012 CliftonLarsonAllen LLP 38
Imperative 8: Enhance Training for Internal Audit Activities
Key Results of 2010 Global Internal Audit Survey • Three types of technical skills stand out as being the most important
to internal auditors: – Those that help build a better understanding of the business
– Those that facilitate risk analysis and control, and
– Those associated with governance, risk, and control tools and
techniques
©2012 CliftonLarsonAllen LLP 39
Imperative 8: Enhance Training for Internal Audit Activities
Survey Insights & Implications • Increased automation is spurring the need for specialized training in
data collection and analysis, operational research, and new audit tools and technologies
• Practitioners also need to enhance their skills outside of accounting and auditing in areas such as communications, team-building, interpersonal dynamics
• Keeping up to date with industry and regulatory changes and professional standards
©2012 CliftonLarsonAllen LLP 40
Key Action Steps
• Conduct a critical inventory of the skills needed to execute your longer-term strategy or vision – Focus on the organization’s risks not the current audit plan
• Assess the skills and competencies of current staff members: – Develop an inventory of current skills and competencies
– Compare your skills and competency inventory with your projected
needs
– Develop tailored training plans and objectives designed to equip existing staff members to fill organizational needs over the next 2 – 4 years
©2012 CliftonLarsonAllen LLP 41
Key Action Steps
• If your strategic planning includes developing talent for the organization, assess the types of skills and competencies that will be required by the business
• Review your human resource policies related to promotion and advancement and – Ensure that your required technical and interpersonal competencies
are clearly delineated
– Consider requirements for professional certifications for advancement to higher levels
– Consider other requirements, such as an advanced degree, for staff who do not expect to be career auditors
©2012 CliftonLarsonAllen LLP 42
Imperative 9: Take Advantage of Expanding Service Provider Membership
Key Results of 2010 Global Internal Audit Survey • 25.7% of respondents work for professional firms that provide internal
audit services or for outside service providers – This percentage is up sharply from 11% in 2006
– Percentage of service-provider respondents more than doubled in
only 4 years
• 43.3% of the 2010 respondents reported being involved in a third-party outsourcing or co-sourcing arrangement
• 25.5% planned to increase their co-sourcing or outsourcing budget
©2012 CliftonLarsonAllen LLP 43
Imperative 9: Take Advantage of Expanding Service Provider Membership
Survey Insights & Implications • Service providers now represent a large, knowledgeable source of talent
– Alternative source of support to address staffing & resource needs
– Flexible “capacity multiplier”
• Many I/A Departments routinely turn to the ranks of service providers when looking for qualified candidates for permanent positions
• For internal audit professionals, service providers offer another avenue of possible career direction and growth
©2012 CliftonLarsonAllen LLP 44
Key Action Steps
• Determine the skill sets and staffing levels you will need
• Develop a flexible component to your staffing needs
• Develop the infrastructure (processes and practices) needed to budget for and hire third-party staff resources
• Know the objectives of your sourcing approach and the type of third-party relationship you want
• Identify multiple third parties to consider or use
• Develop appropriate relationships
• Discuss within the I/A Department!
©2012 CliftonLarsonAllen LLP 45
10. Step up Your Use of Technology
Technology is key to your success.
Group IV Leverage Technology Effectively
©2012 CliftonLarsonAllen LLP 46
Imperative 10: Step Up Your Use of Audit Technology & Tools
Key Results of 2010 Global Internal Audit Survey • Nearly half of respondents (47.5%) are employing data mining
• Nearly half (46.9%) are using CAATs – Computer Assisted Audit
Techniques
• Nearly a third (30.9%) are employing some form of continuous auditing
©2012 CliftonLarsonAllen LLP 47
Imperative 10: Step Up Your Use of Audit Technology & Tools
Looking ahead five years, respondents expect to see significant increases in the use of all types of tools. Global Survey Results
– CAATs
– Electronic Workpapers
– Continuous Real – Time Auditing
– Data Mining
– Risk-Based Audit Planning
©2012 CliftonLarsonAllen LLP 48
Imperative 10: Step Up Your Use of Audit Technology & Tools
Survey Insights & Implications • Need to do more with audit technology and automated tools
– Technology has become a key enabler for a broad range of internal
audit activities
• To optimize the potential benefits of technology, many internal audit groups will need to change how they operate – Data mining and other technology-enables auditing techniques often
require new technologies and skill sets not typically found in many internal audit activities today
– Continuous monitoring can require major revamping of more traditional, manually oriented audit procedures
©2012 CliftonLarsonAllen LLP 49
Key Action Steps
• Develop a long-term technology strategy that addresses:
– Automation of core internal audit processes
– The needs for automated support of data mining and analysis, continuous monitoring, and other technology-based activities
– Technology-related skill sets, reflecting the findings of a skills inventory pointing out any gaps in required skill sets
– Budget requirements to achieve technology-related goals
– The anticipated benefits of technology investments and activities
– Metrics to measure the effectiveness of technology investments, processes, and activities
©2012 CliftonLarsonAllen LLP 50
Key Action Steps
• Develop a comprehensive training program to support both current and long-term technology use – Identify a core set of technology skills for all staff
– Develop experts in certain tools or technology related skills
– Monitor the usage of technology against established goals
©2012 CliftonLarsonAllen LLP 51
Stakeholder Expectations and Perception Study
• The Audit/Supervisory Committee’s Expectations and Perception of Internal Auditing
• The Evolving Role of Internal Auditing
• Skills and Staffing of the Internal Audit Activity
• Trends in Internal Audit Tools and Techniques
• The Evolution of the Internal Audit Profession
©2012 CliftonLarsonAllen LLP 52
The Audit/Supervisory Committee’s Expectations and Perceptions of Internal Auditing
• What specific internal audit activities does I/A believe add value to the organization?
• What are the audit/supervisory committee’s specific expectations of the internal audit?
• What are the Key Performance Indicators (KPIs) for the internal audit activity from the committee‘s perspective?
• Does internal auditing meet committee expectations for the function? Does the committee believe that internal auditing adds value?
• Does the internal audit charter specifically address the areas of internal audit activities where members of the committee believe the internal audit activity is adding value?
©2012 CliftonLarsonAllen LLP 53
Results • Overall, survey respondents offered a favorable view of Internal auditing in
general and their own organization’s activity in particular.
• Majority rated internal auditing highly in terms of knowledge, adaptability, and value.
• Nearly one-third of respondents believe internal auditing is insufficiently funded.
• Almost one-half of the respondents believe internal auditing does not excel at developing talent for leadership positions throughout the organization.
The Audit/Supervisory Committee’s Expectations and Perceptions of Internal Auditing
©2012 CliftonLarsonAllen LLP 54
Results (continued)
• The majority find internal audit reports to be clear and informative, although a small number cite lack of timeliness in issuance.
• Most view internal auditing as more than simply an auditor or enforcer, but as a consulting resource.
• Although most stakeholders are aware of the professional standards and certifications, many do not consider compliance or attainment to be critical.
The Audit/Supervisory Committee’s Expectations and Perceptions of Internal Auditing
©2012 CliftonLarsonAllen LLP 55
Optimizing Internal Auditing
Key Areas of Focus
• Leading Practices in Relationships • Funding Adequacy • Talent Development • Communications • Consulting Resource • Strategic Risk and Corporate Governance • Standards and Certification
Be relevant to your organization,
Gain the trust of your key stakeholders, and Make the best use of your resources.
©2012 CliftonLarsonAllen LLP 56
GOVERNANCE
©2012 CliftonLarsonAllen LLP 57
Organizational Governance
Policies, processes, and structures used by an organization to direct and control its activities, to achieve its objectives, and to protect the interests of its diverse stakeholder groups in a manner consistent with appropriate ethical standards.
©2012 CliftonLarsonAllen LLP 58
In Other Words…
It (governance) is essentially a function of leadership and direction within an organisation; appropriate risk management and control over its activities; and the manner in which meaningful disclosure relating to its activities is made to shareholders and other stakeholders.
-King II Report, 2002 South Africa
©2012 CliftonLarsonAllen LLP 59
Governance Processes Impact How The Organization:
− Complies with society’s legal & regulatory rules
− Satisfies the generally accepted business norms, ethical precepts, and social expectations of society
− Provides overall benefit to society and enhances interests of stakeholders
− Reports fully and truthfully to its owners, regulators, other stakeholders, and general public to ensure accountability for its decisions, actions, conduct , and performance
©2012 CliftonLarsonAllen LLP 60
Effective
Governance
The IIA Corporate Governance Model
©2012 CliftonLarsonAllen LLP 61
Governance Models Include the Following
• Board of Directors
• Management
• External Auditor
• Internal Auditor
©2012 CliftonLarsonAllen LLP 62
Board Responsibilities
• Establish the “tone at the top”
• Focal point for all governance activities
• Ultimate accountability
• Oversee organizational activities, but do not directly manage them
©2012 CliftonLarsonAllen LLP 63
Senior Management Responsibilities
• Establish strategic direction and the entity’s value system (with Board oversight)
• Maintain oversight of the risk management process, operations monitoring, results measurement, and implementation of corrective actions
©2012 CliftonLarsonAllen LLP 64
Operating Management Responsibilities
• Deploy strategy, enforce internal control, and provide direct supervision for areas under its control
• Accountable to executive management for implementing and monitoring the risk management process and establishing effective internal control systems
©2012 CliftonLarsonAllen LLP 65
External Audit Responsibilities
• Provide independent assurance on the financial statement preparation and reporting activities in accordance with applicable regulations and accounting principles
©2012 CliftonLarsonAllen LLP 66
Internal Audit Responsibilities
• Complete assessments to provide assurance that the governance structures and processes are designed properly and operating effectively
• Provide recommendations to improve governance structures and processes
©2012 CliftonLarsonAllen LLP 67
Standard 2130
IA should assess and make recommendations for improving the governance process by:
• Promoting appropriate ethics & values
• Ensuring effective performance management
• Communicating risk & control information
• Coordinating activities & communication between Board, External Auditors, Internal Auditors & Management
©2012 CliftonLarsonAllen LLP 68
Internal Audit’s Role
• Assessor
• Advisor
• Advocate
• Catalyst
©2012 CliftonLarsonAllen LLP 69
Internal Audit Governance Maturity Model
More Structured Less Structured
Perform audits of design and effectiveness of
specific governance related processes
Provide advice with focus on governance structure to meet compliance requirements and basic risks of organization
Consideration of best practices and adaptation to the specific organization – focus on optimization of governance practices and structure
Allo
cati
on
of
Au
dit
©2012 CliftonLarsonAllen LLP 70
Internal Audit Activities
• Assessment of:
– Board Structure, Objectives, and Dynamics
– Board Committee Functions
– The Board Policy Manual
– Processes for Maintaining Awareness of Governance Requirements
©2012 CliftonLarsonAllen LLP 71
IA Activities
• Assessment of: – Board Continuing Education
– Assignment of Accountabilities and Performance Management
– Communication and Acceptance of Ethics Policies and Codes of Conduct
– Ethics Investigations and Related Employee Discipline
– Management Evaluation and Compensation
©2012 CliftonLarsonAllen LLP 72
IA Activities
• Assessment of:
– Recruitment Process for Senior Management and Board Members
– Employee Training
– Governance Self-assessments
– Comparison with Governance Codes or Best Practices
– External Communications
– Oversight of External Audit
©2012 CliftonLarsonAllen LLP 73
• Governance changes rapidly and internal audit must monitor the changes and evaluate their impact on the governance process.
• Internal auditor skills and competencies should be evaluated before undertaking audits in the governance area.
Cautions
©2012 CliftonLarsonAllen LLP 74
Implementation
• Discuss options for expanding internal audit’s role with the Audit/Supervisory Committee and executive management.
• Develop a broad framework of the governance structure in the organization, identifying potential areas of weakness or concern.
• Develop a multi-year plan to build internal audit’s role.
• Complete a pilot audit of one activity
©2012 CliftonLarsonAllen LLP 75
QUESTIONS AND ANSWERS